To see many of the advantages of cloud computing without its risks, many enterprises are turning to private clouds, which are service layers contained within their firewalls that look and feel like public clouds. But these private clouds may actually be less secure and reliable than the public services.
You may not agree with Jason's premise about on-premises — in fact, I expect violent disagreement. And this is more of an either/or argument, rather than raising the possibility of blended strategies, such as employing public clouds as test beds, but keeping applications in production within private clouds.
That said, here are Jason's arguments for public cloud and against private cloud:
Private clouds tend to use older technology than public clouds: You may have spent hundreds of thousands of dollars on new hardware and software, but try getting your organization to agree to that every year.
Public clouds shift capital expenses to operational expenses: It's pay as you go, versus building an entire datacenter, no matter how virtualized it may be.
Public clouds have better utilization rates: With private cloud, your organization still has to build and maintain all kinds of servers to meet spikes in demand across various divisions or functions. Public cloud offers the same spare demand on a pay-as-you-need-it basis.
Public clouds keep infrastructure costs low for new projects: With private clouds, you still need to scare up sometimes scarce on-site resources for unplanned projects that may pop up.
Public clouds offer greater elasticity: "You'll never consume all the capacity of a public cloud, but your private cloud is another matter entirely."
Public clouds get enterprises out of the "datacenter business": establishing private cloud probably gets you in deeper into the DC business than with traditional on-premises servers.
Public clouds have greater economies of scale: No private cloud can compete with the likes of Google and Amazon on price. And the public providers are constantly buying boatloads of the latest security technology.
Public clouds are hardened through continual hacking attempts: Thousands of hackers have been pounding Google and Amazon for years now. The public cloud providers are ready for anything at this point.
Public clouds attract the best security people available: They seek out the top security experts, will pay them top dollar, and treat them as the most important part of their businesses, which they are. Do traditional enterprises treat security teams this way?
Private clouds suffer from "perimeter complacency": "If it's on the internal network, it must be secure!" 'nuff said...
Private cloud staff competence is an unknown: Your organization may have a lot of talented and knowledgeable people, but is data security the main line of your business?
Private cloud penetration testing is insufficient: Even if you test your applications and networks on a regular basis (which man organizations don't), these only tell you if things are secure at that exact moment.